BB&C Newsletter

The Newsletter of Big Blue and Cousins: The Greater Victoria PC Users' Association—Web Edition
Volume: 23 Number: 9, November 2006

A Web-based Document Store

by George Bowden

Can you put a shortcut on my desktop to the letterhead, please?"
"Where the *&^% is the source file for the brochure?"
"If I wrote the procedure, where would people find it anyway?"

“What these people needed was a listing of core documents, like the one shown below: when they click on the link for a document, it is downloaded to their local machine.”

Questions like these, from a couple of organizations, led me to develop a web-based document storage system for electronic documents. What these people needed was a listing of core documents, like the one shown below: when they click on the link for a document, it is downloaded to their local machine.

The requirements are:

Several levels of access permission, e.g. only admin can upload documents, only staff can download highly sensitive documents, members can download less sensitive documents, and the public can download any non-sensitive documents.
Documents need more than filenames and directory names. They need titles, descriptions, published dates, uploaded dates.
The client interface needs to be a web browser, with no installation required on client machines.
No web master should be needed to upload documents or get them shown in a listing.
The document listing could be sorted by description, and the available listings searched by using the browser's "find in this page.."

With modifications to use Big Blue and Cousins' privileges system of access, the system could be used by BB&C for core documents, such as procedures and brochures.

The tree of the website directories looks like this:

www (start of web tree, home page with links to access controlled pages)

admin (web forms to upload, and delete documents)

documents (includes documents available only to admin)

staff (web forms to list and download documents)

documents (includes documents available only to staff and admin)

members (same as above)
public (web forms to list and download documents available to all)

The organizations wanted only one password for each level of access (admin, staff, etc). They did not want to manage passwords for each user. Separate directories for each access control level were created, protected by basic authentication. The password files are protected by being outside the web tree. This method of authentication prevents people from accessing files by guessing likely titles, like "members addresses.doc".

As webmaster of these sites, I had some other requirements, too. The tool was to require no more than minimal PHP and MySQL support, but more than just Shaw or Telus webspace.

I looked at some ready-made scripts, but those I found were either trying to be all things to all people, or had no authentication. There would be advantages to using open-sourced PHP modules, in that one could hope that they would be maintained by more than one person, soon to be hit by a truck. So I should forward my solution to a code repository organization, like phpclasses.org. That would require rewriting to meet their object-oriented requirements.

By implementing a couple of these sites, I learned what code could be common to all sites, and what could be factored out to some site-dependent constants, stored in a separate file. That was the best part of what I learned.

I used Homesite to create the web pages, Komodo to debug the PHP syntax, and WAMP5 to test the system locally before uploading it to the production website. I'd like to learn how to debug the server side code using Komodo.